TikTok has been fined €345 million by Ireland’s data watchdog following an investigation into how the social media platform processed children’s data.
The fine was imposed on TikTok Technology Limited (TTL) by the Data Protection Commission (DPC) after the probe into how certain privacy settings and features complied with obligations under the EU’s General Data Protection Regulation.
The DPC inquiry examined age verification as part of the registration process and the processing of the personal data of children by the Chinese-owned video-sharing platform between July 31st and December 31st, 2020.
Tiktok said that it “respectfully disagreed” with the level of the fine imposed and stated that it related to features and settings which were in place three years ago.
The DPC adopted its final decision regarding its inquiry into TTK on September 1st.
The DPC ruling described how child users progressed through the sign-up to the TikTok platform in such a manner that their accounts were set to public by default.
It said this meant that videos that were posted to child users’ account were public-by-default and comments were enabled publicly by default.
In the Family Pairing feature, the DPC said a child user’s accounts could be “paired” with an unverified non-child.
It said the non-child user had the power to enable direct messages for child users above the age of 16, thereby making this feature less strict for the child user.
As part of the inquiry, the DPC also examined some of TTL’s transparency obligations, including the extent of information provided to child users in relation to default settings.
The DPC has issued a reprimand as well as an order requiring TTL to bring its processing into compliance by taking specified action specified within three months and administrative fines totalling €345 million.
A spokesperson for TikTok said: “We respectfully disagree with the decision, particularly the level of the fine imposed.
“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”
It is the latest in a series of fines handed out by the DPC in Ireland to social media giants.
Earlier this year, Facebook’s parent company Meta Ireland was fined €390 million for breaches of EU data privacy rules, one of a number of fines the DPC has imposed on the company.
In January WhatsApp was fined more than €5 million over data protection breaches and last year Instagram was fined €405 million over the way in which it handled teenagers’ personal data.
Earlier this year, the UK's Information Commissioner’s Office fined TikTok £12.7 million (€14.8 million) because it “did not do enough” to make sure underage children were not using its platform and ensure that their data was used correctly.